introduce sanitzer.js
scottqueen-bixal committed Sep 7, 2021
1 parent dc268c9 commit 7b81596
Showing 1 changed file with 102 additions and 0 deletions.
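--- /dev/null
+++ b/src/js/utils/sanitizer.js
@@ -0,0 +1,102 @@
+/* eslint-disable */
+/* globals define, module */
+
+/**
+* A simple library to help you escape HTML using template strings.
+*
+* It's the counterpart to our eslint "no-unsafe-innerhtml" plugin that helps us
+* avoid unsafe coding practices.
+* A full write-up of the Hows and Whys are documented
+* for developers at
+* https://developer.mozilla.org/en-US/Firefox_OS/Security/Security_Automation
+* with additional background information and design docs at
+* https://wiki.mozilla.org/User:Fbraun/Gaia/SafeinnerHTMLRoadmap
+*
+*/
+(function (root, factory) {
+'use strict';
+if (typeof define === 'function' && define.amd) {
+define(factory);
+} else if (typeof exports === 'object') {
+module.exports = factory();
+} else {
+root.Sanitizer = factory();
+}
+}(this, function () {
+'use strict';
+
+var Sanitizer = {
+_entity: /[&<>"'/]/g,
+
+_entities: {
+'&': '&amp;',
+'<': '&lt;',
+'>': '&gt;',
+'"': '&quot;',
+'\'': '&apos;',
+'/': '&#x2F;'
+},
+
+getEntity: function (s) {
+return Sanitizer._entities[s];
+},
+
+/**
+* Escapes HTML for all values in a tagged template string.
+*/
+escapeHTML: function (strings) {
+var result = '';
+
+for (var i = 0; i < strings.length; i++) {
+result += strings[i];
+if (i + 1 < arguments.length) {
+var value = arguments[i + 1] || '';
+result += String(value).replace(Sanitizer._entity,
+Sanitizer.getEntity);
+}
+}
+
+return result;
+},
+/**
+* Escapes HTML and returns a wrapped object to be used during DOM insertion
+*/
+createSafeHTML: function (strings) {
+var _len = arguments.length;
+var values = new Array(_len > 1 ? _len - 1 : 0);
+for (var _key = 1; _key < _len; _key++) {
+values[_key - 1] = arguments[_key];
+}
+
+var escaped = Sanitizer.escapeHTML.apply(Sanitizer,
+[strings].concat(values));
+return {
+__html: escaped,
+toString: function () {
+return '[object WrappedHTMLObject]';
+},
+info: 'This is a wrapped HTML object. See https://developer.mozilla.or'+
+'g/en-US/Firefox_OS/Security/Security_Automation for more.'
+};
+},
+/**
+* Unwrap safe HTML created by createSafeHTML or a custom replacement that
+* underwent security review.
+*/
+unwrapSafeHTML: function () {
+var _len = arguments.length;
+var htmlObjects = new Array(_len);
+for (var _key = 0; _key < _len; _key++) {
+htmlObjects[_key] = arguments[_key];
+}
+
+var markupList = htmlObjects.map(function(obj) {
+return obj.__html;
+});
+return markupList.join('');
+}
+};
+
+return Sanitizer;
+
+}));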
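Review bot: `unwrapSafeHTML` (the last method in the hunk) joins `obj.__html` from whatever it is handed without checking that the argument is a wrapper produced by `createSafeHTML`, so a plain object that happens to carry a `__html` key — one parsed from JSON, for example — is emitted unescaped, and a string or undefined argument silently contributes `''` to the result. A minimal guard that at least rejects accidental misuse is `if (obj === null || typeof obj !== 'object' || typeof obj.__html !== 'string') { throw new TypeError('unwrapSafeHTML expects objects created by createSafeHTML'); }` at the top of the map callback; it cannot distinguish a forged `__html` from a genuine one, so the JSDoc above the method should also state that the trust boundary is the caller's responsibility and that objects originating outside this module must never be passed in. Separately, `escapeHTML` uses `arguments[i + 1] || ''`, which turns the legitimate interpolated values `0` and `false` into empty strings; `var value = arguments[i + 1] == null ? '' : arguments[i + 1];` keeps them while still mapping null and undefined to `''`.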
